Senior
September 12, 2025
Question

Flashing an encrypted Firmware


Greetings, 
I am using an STM32U585 MCU and I wrote custom code that implements the DFU protocol. I could successfully flash a firmware through a .bin file and set the Option Bytes, set RDP level 1 and go back to RDP level 0. 
What I want to do is to be able to flash an encrypted firmware onto the board using my method. So obviously, I can't do it through the STM32CubeProgrammer or STM32TrustedPackageCreator since I don't want to depend on any ST HSM smartcard, so I guess I can't do it the SFI way. Is there any other way to encrypt a firmware file, then upload it to the board and have the board itself be capable of decrypting the firmware and running it? 
BTW, I am using the B-U585I-IOT02A board for the tests.
Thank you! 

2 replies

Pavel A.
Super User
September 12, 2025

Of course you can prepare an encrypted image file without using the SFI and ST hardware security modules. Use whatever you like. Your program will then decrypt the file and self-update. The question is how you're going to provide the STM32 with the key for decryption and the authentication info (certificate?).
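
Added example, not part of the thread and not ST code: a host-side packer and a model of the bootloader-side acceptance check for one possible encrypted image layout, using AES-256-GCM from the Python `cryptography` package. The `FWE1` magic, the header layout, the function names and the key are assumptions made for illustration; how the key reaches the device is left open, as in the reply above.

```python
import os
import struct
from cryptography.exceptions import InvalidTag
from cryptography.hazmat.primitives.ciphers.aead import AESGCM

MAGIC = b"FWE1"                     # hypothetical container magic
HDR = struct.Struct("<4sII12s")     # magic, version, plaintext length, GCM nonce
TAG_LEN = 16                        # AES-GCM tag appended to the ciphertext

def pack_image(key, firmware, version, nonce=None):
    """Host side: header || ciphertext || tag. The header is bound as AAD."""
    nonce = nonce or os.urandom(12)  # must never repeat under the same key
    header = HDR.pack(MAGIC, version, len(firmware), nonce)
    return header + AESGCM(key).encrypt(nonce, firmware, header)

def bootloader_accept(key, image, min_version):
    """Model of the bootloader check: return plaintext only if all checks pass.
    On a device, decrypt to a staging area and mark it bootable only after this."""
    if len(image) < HDR.size + TAG_LEN:
        raise ValueError("truncated image")
    header, body = image[:HDR.size], image[HDR.size:]
    magic, version, length, nonce = HDR.unpack(header)
    if magic != MAGIC:
        raise ValueError("bad magic")
    if version < min_version:        # anti-rollback against a stored counter
        raise ValueError("rollback rejected")
    try:
        plain = AESGCM(key).decrypt(nonce, body, header)
    except InvalidTag:               # ciphertext or header was modified
        raise ValueError("authentication failed") from None
    if len(plain) != length:
        raise ValueError("length mismatch")
    return plain

if __name__ == "__main__":
    key = bytes(range(32))                       # constructed test key
    fw = b"\x00\x00\x02\x20" + b"demo firmware"  # constructed payload
    img = pack_image(key, fw, version=3)
    print(bootloader_accept(key, img, min_version=2) == fw)
```

With a shared symmetric key, extracting the key from one device is enough to forge images for all of them; a signature over the image, verified with a public key held by the bootloader, keeps authenticity separate from confidentiality.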

 

j_filipe (Author)
Senior
September 16, 2025

But, like, make a custom bootloader to do the decryption? 

Pavel A.
Super User
September 16, 2025

Yes, a custom bootloader.

j_filipe (Author)
Senior
September 17, 2025

Okay. 
Is using the OpenBootloader project as a starting point a good option? If I want to use the USB interface, what would be the next step?